Can use one to four encryption algorithms. Simple, context-menu-based operation. Can keep passphrase in memory. Secure deletion. Text encryption. Filename encryption.

Cons

Passphrase memory can be a security risk for the careless. Fewer features than some competitors.

Bottom Line

CryptoForge offers a simple, context-menu-based approach to encryption and secure deletion, and it also handles text-only encryption. It's a fine choice for keeping your files safe.

Even though you don't have anything incriminating on your smartphone, you're still glad it's encrypted, right? If the FBI wanted to unlock it, they'd have to throw tremendous resources at the problem. Encrypting the most sensitive files and folders on your PC is likewise a good idea. CryptoForge, from Ranquel Technologies, is designed to make encrypting your files and folders easy, and some unusual features make it stand out from the pack.

CryptoForge's peculiar price of $39.70 gets you a lifetime license. That's pretty common in encryption utilities. AxCrypt Premium charges a monthly fee because some of its features require server-side resources. The same is true of CertainSafe Digital Safety Deposit Box, which slices your files into encrypted chunks that get stored on different servers. Most other encryption software is available for a one-time fee.

What Is Encryption? As long ago as the 7th century BC, Greek generals encoded their orders using a skytale (rhymes with Italy). This was a wooden rod of a specific diameter. They'd wrap the rod tightly with a skinny strip of parchment, then write the message lengthwise. The only way to read the message was to wrap it around the stick again. Yeah, that's not a lot of security, but on the battlefield, easy is good.

Comparing modern encryption techniques to the skytale is like comparing a smartphone to an abacus. Their output bears no visible relationship to the data that went in, and cracking a modern encryption algorithm would take an impossibly long time, at least with the current level of computing power available. The US Government's official encryption algorithm is Advanced Encryption Standard (AES). With a larger key size than AES, Bruce Schneier's Blowfish algorithm is theoretically even tougher.

AES, Blowfish, Triple DES, and many other encryption algorithms are symmetric, meaning that you use the same key to decrypt data that you used to encrypt it. If you want to share an encrypted file, you must transmit the key to the recipient, preferably on a different network than the way you sent the file. Public Key Infrastructure (PKI) cryptography avoids that problem. In this system, if I want to send you a file, I look up your public key and encrypt the file with it. You use your private key to decrypt the file. Conversely, if I want to prove to you that a document comes from me and hasn't been modified, I encrypt it with my private key. The fact that you can decrypt it with the public key proves its legitimacy. Yes, those digital signatures actually use PKI.

Getting Started with CryptoForge As is common with encryption utilities, CryptoForge installed quickly. This unusual utility doesn't really have a main window, just a settings dialog. You access its features through the right-click context menu for files and folders, or by clicking its icon in the notification area. Expert users can control CryptoForge from the command line, to automate repeated cryptographic tasks.

Immediately after installation, you create a passphrase in the options dialog. The passphrase can be up to 256 characters long, and CryptoForge rates its quality as you type, just as AxCrypt and InterCrypto Advanced Encryption Package 2016 do.

Also like AxCrypt, CryptoForge can keep your password in memory, either for a specified length of time or until you quit the program or delete the passphrase. A similar feature in Advanced Encryption Package discards the remembered password after a specified amount of idle time. This feature does encourage the use of long, strong passphrases, since you don't have to enter them over and over. However, if you choose to let the app remember it, you must be very sure to clear the passphrase before stepping away from your desk. And lock your Windows account, too.

Cypherix PE and Cypherix SecureIT let you choose whether to use AES or Blowfish for encryption. To those choices, CryptoForge adds Triple DES—which was introduced when the original Data Encryption Standard (DES) proved insufficient—as well as the Soviet standard GOST encryption.

Four encryption algorithms is a decent selection, but it doesn't come close to the 17 algorithms offered by Advanced Encryption Package. What sets CryptoForge apart is the ability to layer more than one algorithm. That way, if a flaw is discovered in one of them, your files are still protected.

By default, CryptoForge compresses files before encryption, but cleverly refrains from trying to compress file types such as ZIP and RAR because they are already compressed. You can crank the compression level from the default Normal up three notches to Maximum, trading size for speed.

If your boss sees a file on your desktop named Job Search, she doesn't have to decrypt it to start worrying. CryptoForge has the unusual ability to encrypt filenames as well as file contents. In AxCrypt, anonymizing the filenames is an extra step.

File Shredding As with most encryption products, CryptoForge comes with a file shredder component. This component overwrites file data before deletion, thereby preventing forensic recovery of files you don't want recovered. You don't necessarily need it for encrypted files, though, as CryptoForge encrypts the files in place, overwriting the unencrypted file.

By default, CryptoForge just overwrites file data once, which is enough to prevent all but hardware-based recovery. It's widely believed that even hardware-based recovery can't possibly get back data that's been overwritten seven times. But if you really want to, and you can spare the time, you can have CryptoForge overwrite as many as 99 times before deletion. Its option to delete folder traces as well as files means that even remnants of the filename won't be around.

Ready, Set, Encrypt! With the configuration behind you, it's time to put CryptoForge to work. When you right-click a non-encrypted file and choose Encrypt, the program encrypts the file according to the choices you made in the Options dialog. If the passphrase has timed out, you may be prompted to reenter it. Right-clicking an encrypted file and choosing Decrypt has the expected effect, as long as the current passphrase is the same one you used to encrypt the file. If not, you get an error message.

You can also shred any file, encrypted or not, from the right-click menu. By default, CryptoForge displays a big, scary warning that this action is irreversible, and asks for your confirmation.

Adept Windows users know that if you drag a file with the right mouse button you get a popup menu that lets you make a copy of the file. When CryptoForge is running, that menu adds an option to encrypt or decrypt a copy. The help system points out that this is faster than encrypting in place, and handy when you don't need to wipe out the originals.

Text Encryption Advanced Encryption Package has the ability to encrypt a block of text to create a text-only encrypted version that you can send by email, IM, or any text medium. Advanced Encrypton Package specifically encrypts or decrypts whatever text is on the clipboard. CryptoForge takes that concept a step further, letting you send files, documents, and formatted text as encrypted text. This works even in situations in which you can't attach files.

You launch the text module from the menu in the notification area. It looks like any simple WYSIWYG text editor, and can even open RTF (rich text) files. Type your message, drag any important files onto it, and click Encrypt. It will prompt for a passphrase—it wouldn't be smart to use the same passphrase you've got protecting all your local files. You can also choose algorithms separately for text encryption. Tap F10 or choose from the menu to send the encrypted text in your default email client.

Your recipient will need a full copy of CryptoForge to decrypt messages and files sent as text. For files encrypted using the context menu, the company supplies a tiny, free, portable, no-install decrypt-only utility called Decrypter. As always, be sure to convey the passphrase separately from the encrypted file.

Other Approaches Like Advanced Encryption Package, AxCrypt, and SecureIT, CryptoForge's main aim is to handle encryption and decryption of files and folders. However, that's not the only way to implement encryption.

Cypherix PE and InterCrypto CryptoExpert 8 both create secure encrypted volumes that look like ordinary disk drives when unlocked. You can move files into and out of the encrypted volumes, edit them, delete them, anything you could do with an actual drive. But when the volume is locked, its contents become completely inaccessible.

CertainSafe differs from the rest of this group in that it keeps your data in a mega-encrypted online vault. Logging in involves a handshake in which you prove who you are to the site, and the site proves its own identity to you. The files themselves aren't stored in any single place, but instead go through a MicroEncryption process that distributes their bits across multiple servers.

A Good Choice Encryption is complicated, and it can be daunting for normal users. CryptoForge does a good job of keeping things simple. It's not as simple as AxCrypt, but it shares AxCrypt's ability to retain a passphrase in memory, obviating the need to enter it over and over. Just don't walk away without signing out. And the option to send encrypted data in text form is a plus.

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted by readers. By 1990, he had become PC Magazine's technical editor, and a coast-to-coast telecommuter. His "User to User" column supplied readers with tips...
More »